The author tries to give the impression that qmail has been through a real usage workout (used at very large sites, has lots of installations), and I certainly can't say for sure otherwise. Still, I'm not very convinced that qmail has had the eyeballs and testing to really call it as solid as the author would like to call it.
I had a look at the Debian popularity contest numbers. There are four times more sendmail installations than qmail, and there are eight times more Postfix installations than sendmail. All of these are well behind exim, which is Debian's default.
The author tries to argue that minimizing privileges of trusted code is a distraction. He basically says that if it's trusted and it has a bug, it's still a security problem. That's true as far as it goes, but I think it misses the point of minimizing privileges. The point is to reduce the severity of problems created by bugs. This is similar to how I reduce the severity of my daughter's injuries by letting her use safety scissors rather than a chainsaw. Sure, she could still put an eye out if she really tries, but if I've saved her from losing a limb, I think it's a good policy. Sometimes you can't (or don't have time to) fix all the bugs in a program, but you can make the bugs it has do less damage.
He has good things to say about being secure but less efficient, as clinton has already highlighted.
In reply to Re: [OT] Some thoughts on security after ten years of qmail 1.0
by kyle
in thread [OT] Some thoughts on security after ten years of qmail 1.0
by clinton
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |